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ABSTRACT 

Utilizing distributed storage administrations, clients can store their Information in the cloud to maintain a strategic distance from 
the consumption of neighborhood information stockpiling support. To guarantee the uprightness of the information put away in 
the Cloud, numerous information, honesty examining plans have been proposed. A client needs to Utilize his private key to 
produce the information authenticators for Understanding the information respectability reviewing. In this way, the client needs to 
have an equipment token to store his private Key and retain a secret phrase to enact this private key. In the event that this 
Equipment token is lost or this secret phrase is overlooked, the majority of the Current information, trustworthiness inspecting 
plans would be notable work. We propose another worldview Called information uprightness inspecting without private key 
stockpiling and Plan such a plan. In this plan, we use biometric informationas the client's fluffy private key to Abstain from 
utilizing the equipment token. In the interim, the plan can at present Successfully complete the information respectability 
auditing. We use a direct Sketch with coding and blunder revision procedures to affirm The personality of the client. We use 
another mark Conspire which supports blacklist certainty. The security evidence and the Execution examination demonstrates that 
our proposed plan accomplishes Attractive security andeffectiveness. 
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1.INTRODUCTION 


Cloud storage can provide powerful and on- 
demand data storage services for users. By using the cloud 
service, users can outsource their data to the cloud without 
wasting substantial maintenance expenditure of hardware 
and software, which brings great benefits to users. 
However, once the users upload their data to the cloud, they 
will lose the physical control of their data since they no 
longer keep their data in local. Thus, the integrity of the 
cloud data is hard to be guaranteed, due to the inevitable 
hardware/software failures and human errors in 
thecloud.Many data integrity auditing schemes have been 
proposed to allow either the data owner or the Third Party 
Auditor (TPA) to check whether the data stored in the cloud 
is intact or not. These schemes focus on different aspects of 
data integrity auditing, such as data dynamic operation [3— 
5], the privacy protection of data and user identities [6—8], 
key exposure resilience [9-11], the simplification of 
certificate management [12, 13] and privacy-preserving 
authenticators [14], etc. In the above data integrity auditing 
schemes, the user needs to generate authenticators for data 
blocks with his private key. It means that the user has to 
store and manage his private key in a secure manner [15]. In 
general, the user needs a portable secure hardware token 
(e.g. USB token, smart card) to store his private key and 
memorizes a password that is used to activate this private 
key. The user might need to remember multiple passwords 

ala | 


Tech / 


for different secure applications in practical scenarios, 
which is not user friendly. In addition, the hardware token 
that contains the private key might be lost. Once the 
password is forgotten or the hardware token is lost, the user 
would no longer be able to generate the authenticator for 
any new data block. The data integrity auditing will not be 
functioning as usual. Therefore, it is very interesting and 
appealing to find a method to realize data integrity auditing 
without storing the privatekey. 


2.EXISTINGS YSTEM 


In Existing system, users can store their data in the 
cloud to avoid the expenditure of local data storage and 
maintenance. To ensure the integrity of the data stored in 
the cloud, many data integrity auditing schemes have been 
proposed. In most, if not all, of the existing schemes, a user 
needs to employ his private key to generate the data 
authenticators for realizing the data integrity auditing. Thus, 
the user has to possess a hardware token (e.g. USB token, 
smart card) to store his private key and memorize a 
password to activate this private key. 
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3.SYSTEM DESIGN 


Cloud 


Fig. 1. System model of our data integrity auditing 


BilinearMaps 

Assume G1 and G2 are two multiplicative cyclic 
groups which have the same prime order p. A mape: GI x 
G1 — G2 is called bilinear map if it satisfies the following 
properties: a) Bilinearity: for allu, v€ Gl anda,bE Z*p, 
eua, vb = e(u, v) ab . b) Non-degeneracy: e (g, g) 6= 1, 
where g is a generator of G1. c) Computability: there exists 
an efficiently computable algorithm for computing map e : 
Gl x Gl — G2. Let PPGen be a bilinear groups generation 
algorithm (referred to as a bilinear group generator) which 
takes | k (k is a security parameter) as input, and generates 
a description of bilinear groups P P = (p, G1, G2, g,e). 


SecurityAssumption 

The security of our proposed scheme is based on 
the following security assumptions: Computational Diffie- 
Hellman (CDH) Problem. Given g, g x and h € G1, where x 
€ Z * p is unknown, compute h x €GI1. Definition 1: 
(Computational Diffie-Hellman (CDH) Assumption) The 
advantage of a probabilistic polynomial time algorithm A in 
solving the CDH problem in G1 iAdvCDHA = P r[A(g, gx , 
h=hx:xR—Z+*p,hR< Gl]. The probability is taken 
over the choice of x and h, and the coin tosses of A. The 
CDH assumption means, for any polynomial time algorithm 
A, the advantage that A solves the CDH problem in G1 is 
negligible. Discrete Logarithm (DL) Problem. Given g, g x 
€ G1, where x € Z * p are unknown, compute x. Definition 
2: (Discrete Logarithm (DL) Assumption) The advantage of 
a probabilistic polynomial time algorithm A in solving the 
DL problem in G1 is defined as AdvDLA = P r[A(g, gx ) = 
x: x R< Z * p ]. The probability is taken over the choice 
of x, and the coin tosses of A. The DL assumption means, 
for any polynomial time algorithm A, the advantage that A 
solves the DL problem in G1 is negligible. 


Formalization of Fuzzy KeySetting 

In a typical biometric authentication scheme [39], 
biometric data y = (yl, ..., yn) € Y (Y is the metric space 
including all possible biometric data y) is extracted from a 
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user in the phase of registration. In the phase of 
authentication, biometric data y O= (y01,..., yOn) € Y is 
extracted from a user. If y 0 is sufficiently close to y, we 
can conclude that the user who generated the biometric data 
y O and the user who generated the biometric data y are the 
same user; otherwise, they are different users. A fuzzy key 
setting FKS includes ((d, Y), y, ¢, Q, 8) [37]. These symbols 
are defined asfollows: 

a) (d, Y): This is a metric space, where Y (Y := [0, 
1)n C Ro, R is the set of all real numbers) is the 
vector space including all possible biometric data y 
(yl, ..., yn) € Y, andd: Y x Y > Rnis the 
corresponding distance function. We define d(y, y 
0) = maxie€ {1,....n}|yi — y 01| for vectors y = (yl, 
.» yn), yO=(y01,..., yOn) EY. 

b)_ y: This is a uniform distribution of biometric data 
overY. 

c) ¢: This is the threshold value which belongs to R 
and is determined by a security parameter k (k = 
b-nlog?2 (2€)c). We set that p1 is the probability 
that two different users are accepted in the phase of 
identity authentication, it means that two different 
users are considered to be the same user. We 
require that this probability p1 is negligible in k 
based on é. In other words, if the distance between 
two different biometric data y and y 0 is less than ¢ 
(that is d(y, y 0 ) <6), the probability p1 is 
negligible ink. 

d) Q: This is an error distribution. If a user extracts 
biometric data y in the phase of 
registration,andextractsbiometricdatayOnexttime, yO 
followsthedistribution {e—-RQ; y0<-— y+e: y 0}. 
We can know that e is the “noise” of the biometric 
data extracted from the same user and the error 
distribution Q is independent of individual. e) 0: 
This is an error parameter within [0, 1]. 


We can know that if y is the biometric data 
extracted from a user and e<-RQ is the “noise” of the 
biometric data extracted from the same user, y+e should be 
the biometric data extracted from the same user. We assume 
p2 is the probability that the same user is rejected in the 
phase of identity authentication, it means that a user is 
considered to be two different users. We require that the 
probability p2 is less than or equal to 8. That is, if d(y, y+e) 
> s, the probability p2. 


Linearsketch 


Let FKS = ((d, Y), y, €, Q, 9) be a fuzzy key setting 
defined previously. We design a linear sketch scheme which 
is used to code and correct the error. This scheme is similar 
to the one-time pad encryption scheme. In a one-time pad 
encryption scheme, a plaintext m’s ciphertext c with a key 
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sk is calculated as c = m + sk. The one-time pad encryption 
scheme satisfied the following property. For two ciphertexts 
c =m + sk and c 0 = m0 + sk with the same key sk, the 
“difference” 4m= m — m0 of plaintexts can be computed by 
comparing c and c 0. In the designed linear sketch scheme, 
we make use of the above one-time pad encryption’s 
property. Thus, the process of coding in the linear sketch 
scheme can be viewed as the process of one-way encryption 
in the one-time pad encryption scheme, which is used to 
code the biometric data with a random value. 


|| Biometric data y 
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3. Vefity the correctness of Proof 


Fig. 2. An overview of data integrity auditing scheme without 
private key storage 


4. Conclusion 


In this paper, we explore how to employ fuzzy 
private key to realize data integrity auditing without storing 
private key. We propose the first practical data integrity 
auditing scheme without private key storage for secure 
cloud storage. In the proposed scheme, we utilize biometric 
data (e.g. fingerprint, iris scan) as user’s fuzzy private key 
to achieve data integrity auditing without private key 
storage. In addition, we design a signature scheme 
supporting blockless verifiability and the compatibility with 
the linear sketch. The formal security proof and the 
performance analysis show that our proposed scheme is 
provably secure and efficient. 
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